Executive Director ITS/Chief Security Officer

About The Position

Requirements

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Business Administration, or a closely related field.
• CISM required within 1 year of employment.
• Minimum of ten (10) years of progressive experience in information security, cybersecurity, risk management, identity and access management, or a closely related information technology discipline, including 5+ years in a senior leadership or management role with direct supervisory responsibility.
• Incumbent will be on-call and have extended work hours occasionally.
• Position will be Hybrid per policy.

Nice To Haves

• Master’s degree in Information Technology, Cybersecurity, Business Administration, or a closely related field.
• Preferred candidates will hold additional certifications in information security, networking, or cloud platforms (e.g., CISSP, CISM, AWS, Google, Azure, Cisco)
• Experience leading information security programs in a higher education or public sector institution.
• Demonstrated experience implementing or managing enterprise IAM platforms (e.g., Microsoft Entra ID/Azure AD, Okta, SailPoint, Fischer Identity or equivalent).
• Demonstrated experience with cloud security architecture in hybrid or multi-cloud environments.
• Familiarity with ITIL or Agile service delivery frameworks and their application to security operations.
• Experience presenting to senior leadership, institutional governance bodies, or boards on cybersecurity risk and program performance.
• Active participation in professional security communities or information-sharing organizations (ISACA, (ISC)², EDUCAUSE, MS-ISAC, InfraGard, or equivalent).

Responsibilities

• Strategic Security Leadership and Program Management: Develop and evolve an institution-wide information security strategy and multi-year roadmap aligned with JCCC’s mission and FY2027 priorities. Serve as the primary security advisor to the VP of Information Services/CIO and leadership, providing regular reporting on security posture and program effectiveness. Establish and maintain a cybersecurity governance framework, including a security steering committee and risk tolerance guidelines. Monitor the external threat landscape and evolving regulatory requirements to adapt the college’s security posture proactively. Integrate AI and emerging technology governance into the security framework, establishing guardrails for institutional adoption.
• Identity and Access Management (IAM): Lead the enterprise identity lifecycle program to ensure secure, scalable, and compliant access to institutional data and systems. Oversee IAM/IDM solutions, including MFA, SSO, PAM, and enterprise directory services. Collaborate with infrastructure and application teams to embed identity controls into system design and onboarding. Enforce Role-Based Access Control (RBAC) frameworks aligned with data classification and the principle of least privilege. Drive continuous IAM improvements to support cloud adoption and hybrid infrastructure.
• Compliance, Governance, and Risk Management: Ensure systems and vendor relationships comply with federal/state laws (FERPA, GLBA, PCI-DSS) and higher education requirements. Lead the cybersecurity risk program, including regular assessments, vulnerability management, and audit coordination. Maintain a current risk register and report mitigation progress and residual risk to leadership. Serve as the primary contact for internal and external auditors, coordinating responses and tracking remediation of findings. Champion program alignment with industry standards such as NIST CSF and ISO 27001/27002.
• Incident Response and Business Continuity: Lead the development and execution of the cybersecurity incident response plan, including communication protocols and escalation procedures. Act as the primary coordinator for security incidents, overseeing investigation, containment, and recovery. Oversee business continuity and disaster recovery planning for critical systems and information security. Conduct after-action reviews to identify lessons learned and improve detection and response capabilities. Maintain relationships with law enforcement and threat intelligence agencies (CISA, MS-ISAC) for incident coordination.
• Security Awareness, Training, and Culture: Design and evaluate security awareness programs for all faculty, staff, and students. Develop role-based training for specific risk profiles, such as financial data handlers and IT administrators. Use phishing simulations and completion rates to measure program effectiveness and guide improvements. Promote a college-wide security culture through communications, recognition programs, and a security champion network
• Policy Development and Implementation: Develop and enforce a comprehensive suite of security policies, standards, and procedures for the college community. Ensure policies are reviewed regularly for alignment with regulatory requirements and industry frameworks. Coordinate communication and acknowledgment processes to ensure broad compliance and understanding across the institution.
• Budget and Resource Management: Manage the information security budget, ensuring resource allocation aligns with risk priorities and institutional goals. Evaluate and oversee investments in security technologies, managed services, and vendor partnerships. Negotiate contracts and manage vendor performance for all security-related tools and services.
• Other duties as assigned

Benefits

• Health insurance with some employer paid options.
• Life insurance & AD&D (employer provided)
• Retirement plans (403(b), 457(b), and KPERS)
• Employer paid 8% contribution into a 403(b) no match required
• Paid time off (vacation, sick, personal, and floating holidays)
• 14 days of paid holidays
• Full tuition reduction for JCCC credit courses (for employee and eligible dependents)
• Tuition reimbursement / assistance for non‑JCCC courses for employee
• Free access to the Gym on campus for all employees and dependents
• Discount to the Hiersteiner Child Development Center
• And many more!